Main menu

The hackers reportedly stole data on 57 million users and drivers, then demanded money from the company to delete the data. Photo by Autoweek

Uber paid hackers $100,000 to delete data they stole on 57 million users

Report: Company kept hack quiet, promises to make changes to way it does business

November 22, 2017

Share

Facebook

Tweet

Pinterest

Email

The ride-hailing company Uber came under attack from hackers in October 2016, an attack that the company had not disclosed until this week. The hackers stole personal data of 57 million Uber users, which included the names, email addresses and phone numbers of 50 million users and the same personal data as well as driver's license numbers of an additional 7 million drivers, the company admitted. Uber said that credit card information, Social Security numbers or trip locations were not part of the stolen data.

Uber did not report the hack at the time and made efforts to keep the news of it hidden, according to Bloomberg. The hackers reportedly used login credentials obtained on the GitHub coding site used by Uber employees to access an Amazon Web Services account that belonged to the company, which contained an archive of 57 million Uber riders and drivers. Uber was then contacted by the hackers asking for money, and Uber reportedly paid $100,000 to the hackers themselves to delete the stolen data and to not publicize the event of the hack itself, Bloomberg reports.

"Rider information included the names, email addresses and mobile phone numbers related to accounts globally," Uber said in a blog post discussing the incident. "Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded.

"When this happened, we took immediate steps to secure the data, shut down further unauthorized access and strengthen our data security."

Months after the hack, Uber fired its chief security officer and one other top-ranking security employee. The company has promised to make amends.

It's taken for granted that the autonomous systems being tested right now require a lot of computing power, but it's easy to overlook that all of that computing power comes at a cost of ...

A lot of questions about the hacking attack remain unanswered for now, including the identities of those responsible, as well as the actual extent of the compromised data. Uber indicated this week that it believes that the stolen data was never used by the hackers but offered no proof that the $100,000 payment assured that the data was, in fact, deleted.

"We do not believe any individual rider needs to take any action," Uber said on its blog. "We have seen no evidence of fraud or misuse tied to the incident. We are monitoring the affected accounts and have flagged them for additional fraud protection.

"None of this should have happened, and I will not make excuses for it," Uber CEO Dara Khosrowshahi said in a statement in response to the hack. "While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers."

Uber revealed more news and a slick video about its project Elevate at the Web Summit in Lisbon. The project envisions a fleet of flying helicopter/airplane/drones that would take people from helipad ...